<!DOCTYPE html>
<html lang="zh-CN">
<head>
  <meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=2">
<meta name="theme-color" content="#222">
<meta name="generator" content="Hexo 6.3.0">
  <link rel="apple-touch-icon" sizes="180x180" href="/images/apple-touch-icon-next.png">
  <link rel="icon" type="image/png" sizes="32x32" href="/images/favicon-32x32-next.png">
  <link rel="icon" type="image/png" sizes="16x16" href="/images/favicon-16x16-next.png">
  <link rel="mask-icon" href="/images/logo.svg" color="#222">

<link rel="stylesheet" href="/css/main.css">


<link rel="stylesheet" href="/lib/font-awesome/css/all.min.css">

<script id="hexo-configurations">
    var NexT = window.NexT || {};
    var CONFIG = {"hostname":"ghostlitao.gitee.io","root":"/","scheme":"Gemini","version":"7.8.0","exturl":false,"sidebar":{"position":"left","display":"post","padding":18,"offset":12,"onmobile":false},"copycode":{"enable":false,"show_result":false,"style":null},"back2top":{"enable":true,"sidebar":false,"scrollpercent":false},"bookmark":{"enable":false,"color":"#222","save":"auto"},"fancybox":false,"mediumzoom":false,"lazyload":false,"pangu":false,"comments":{"style":"tabs","active":null,"storage":true,"lazyload":false,"nav":null},"algolia":{"hits":{"per_page":10},"labels":{"input_placeholder":"Search for Posts","hits_empty":"We didn't find any results for the search: ${query}","hits_stats":"${hits} results found in ${time} ms"}},"localsearch":{"enable":false,"trigger":"auto","top_n_per_article":1,"unescape":false,"preload":false},"motion":{"enable":true,"async":false,"transition":{"post_block":"fadeIn","post_header":"slideDownIn","post_body":"slideDownIn","coll_header":"slideLeftIn","sidebar":"slideUpIn"}}};
  </script>

  <meta name="description" content="MISSION 0x011234Host: venus.hackmyvm.euPort: 5000User: hackerPass: havefun!  ssh hacker@venus.hackmyvm.eu -p 5000 登陆后，进入 Mission 1 ：还有一个 readme.txt 可以先看看 1234cat  mission.txt# User sophia has saved he">
<meta property="og:type" content="article">
<meta property="og:title" content="复盘HMVLabs Chapter 1: Venus">
<meta property="og:url" content="https://ghostlitao.gitee.io/2024/02/07/hmv-%E5%A4%8D%E7%9B%98HMVLabs-Chapter-1-Venus/index.html">
<meta property="og:site_name" content="去找Todd">
<meta property="og:description" content="MISSION 0x011234Host: venus.hackmyvm.euPort: 5000User: hackerPass: havefun!  ssh hacker@venus.hackmyvm.eu -p 5000 登陆后，进入 Mission 1 ：还有一个 readme.txt 可以先看看 1234cat  mission.txt# User sophia has saved he">
<meta property="og:locale" content="zh_CN">
<meta property="article:published_time" content="2024-02-07T08:05:21.000Z">
<meta property="article:modified_time" content="2024-04-09T00:35:24.803Z">
<meta property="article:author" content="Todd">
<meta property="article:tag" content="安全 靶场">
<meta name="twitter:card" content="summary">

<link rel="canonical" href="https://ghostlitao.gitee.io/2024/02/07/hmv-%E5%A4%8D%E7%9B%98HMVLabs-Chapter-1-Venus/">


<script id="page-configurations">
  // https://hexo.io/docs/variables.html
  CONFIG.page = {
    sidebar: "",
    isHome : false,
    isPost : true,
    lang   : 'zh-CN'
  };
</script>

  <title>复盘HMVLabs Chapter 1: Venus | 去找Todd</title>
  


  <script>
    var _hmt = _hmt || [];
    (function() {
      var hm = document.createElement("script");
      hm.src = "https://hm.baidu.com/hm.js?d988341c748563d16048e8e7dab0f384";
      var s = document.getElementsByTagName("script")[0];
      s.parentNode.insertBefore(hm, s);
    })();
  </script>




  <noscript>
  <style>
  .use-motion .brand,
  .use-motion .menu-item,
  .sidebar-inner,
  .use-motion .post-block,
  .use-motion .pagination,
  .use-motion .comments,
  .use-motion .post-header,
  .use-motion .post-body,
  .use-motion .collection-header { opacity: initial; }

  .use-motion .site-title,
  .use-motion .site-subtitle {
    opacity: initial;
    top: initial;
  }

  .use-motion .logo-line-before i { left: initial; }
  .use-motion .logo-line-after i { right: initial; }
  </style>
</noscript>

</head>

<body itemscope itemtype="http://schema.org/WebPage">
  <div class="container use-motion">
    <div class="headband"></div>

    <header class="header" itemscope itemtype="http://schema.org/WPHeader">
      <div class="header-inner"><div class="site-brand-container">
  <div class="site-nav-toggle">
    <div class="toggle" aria-label="切换导航栏">
      <span class="toggle-line toggle-line-first"></span>
      <span class="toggle-line toggle-line-middle"></span>
      <span class="toggle-line toggle-line-last"></span>
    </div>
  </div>

  <div class="site-meta">

    <a href="/" class="brand" rel="start">
      <span class="logo-line-before"><i></i></span>
      <h1 class="site-title">去找Todd</h1>
      <span class="logo-line-after"><i></i></span>
    </a>
      <p class="site-subtitle" itemprop="description">Todd的博客</p>
  </div>

  <div class="site-nav-right">
    <div class="toggle popup-trigger">
    </div>
  </div>
</div>




<nav class="site-nav">
  <ul id="menu" class="main-menu menu">
        <li class="menu-item menu-item-home">

    <a href="/" rel="section"><i class="fa fa-home fa-fw"></i>首页</a>

  </li>
        <li class="menu-item menu-item-tags">

    <a href="/tags/" rel="section"><i class="fa fa-tags fa-fw"></i>标签</a>

  </li>
        <li class="menu-item menu-item-categories">

    <a href="/categories/" rel="section"><i class="fa fa-th fa-fw"></i>分类</a>

  </li>
        <li class="menu-item menu-item-archives">

    <a href="/archives/" rel="section"><i class="fa fa-archive fa-fw"></i>归档</a>

  </li>
  </ul>
</nav>




</div>
    </header>

    
  <div class="back-to-top">
    <i class="fa fa-arrow-up"></i>
    <span>0%</span>
  </div>


    <main class="main">
      <div class="main-inner">
        <div class="content-wrap">
          

          <div class="content post posts-expand">
            

    
  
  
  <article itemscope itemtype="http://schema.org/Article" class="post-block" lang="zh-CN">
    <link itemprop="mainEntityOfPage" href="https://ghostlitao.gitee.io/2024/02/07/hmv-%E5%A4%8D%E7%9B%98HMVLabs-Chapter-1-Venus/">

    <span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
      <meta itemprop="image" content="https://mp-b6a394ba-6e60-4cdf-941a-67c55476595e.cdn.bspapp.com/cloudstorage/43eb35ef-1aed-4d61-9ebb-a777fa49e70a.">
      <meta itemprop="name" content="Todd">
      <meta itemprop="description" content="把生命浪费在美好的实物上">
    </span>

    <span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
      <meta itemprop="name" content="去找Todd">
    </span>
      <header class="post-header">
        <h1 class="post-title" itemprop="name headline">
          复盘HMVLabs Chapter 1: Venus
        </h1>

        <div class="post-meta">
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="far fa-calendar"></i>
              </span>
              <span class="post-meta-item-text">发表于</span>

              <time title="创建时间：2024-02-07 16:05:21" itemprop="dateCreated datePublished" datetime="2024-02-07T16:05:21+08:00">2024-02-07</time>
            </span>
              <span class="post-meta-item">
                <span class="post-meta-item-icon">
                  <i class="far fa-calendar-check"></i>
                </span>
                <span class="post-meta-item-text">更新于</span>
                <time title="修改时间：2024-04-09 08:35:24" itemprop="dateModified" datetime="2024-04-09T08:35:24+08:00">2024-04-09</time>
              </span>
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="far fa-folder"></i>
              </span>
              <span class="post-meta-item-text">分类于</span>
                <span itemprop="about" itemscope itemtype="http://schema.org/Thing">
                  <a href="/categories/%E9%9D%B6%E5%9C%BA/" itemprop="url" rel="index"><span itemprop="name">靶场</span></a>
                </span>
            </span>

          

        </div>
      </header>

    
    
    
    <div class="post-body" itemprop="articleBody">

      
        <h1 id="MISSION-0x01"><a href="#MISSION-0x01" class="headerlink" title="MISSION 0x01"></a>MISSION 0x01</h1><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">Host: venus.hackmyvm.eu</span><br><span class="line">Port: 5000</span><br><span class="line">User: hacker</span><br><span class="line">Pass: havefun!</span><br></pre></td></tr></table></figure>

<p><code>ssh hacker@venus.hackmyvm.eu -p 5000</code> 登陆后，进入 Mission 1 ：<br>还有一个 readme.txt 可以先看看</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span>  mission.txt</span><br><span class="line"></span><br><span class="line"><span class="comment"># User sophia has saved her password in a hidden file in this folder. Find it and log in as sophia.</span></span><br><span class="line"></span><br></pre></td></tr></table></figure>

<span id="more"></span>


<p>就是个隐藏文件，ls -al 就看见了。</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">ls</span> -al</span><br><span class="line"></span><br><span class="line">total 44</span><br><span class="line">drwxr-x--- 1 root   hacker 4096 Jul 26  2023 .</span><br><span class="line">drwxr-xr-x 1 root   root   4096 Jul 26  2023 ..</span><br><span class="line">-rw-r----- 1 root   hacker   31 Jul 26  2023 ... &lt;-- Hidden Flag --&gt;</span><br><span class="line">-rw-r--r-- 1 hacker hacker  220 Apr 23  2023 .bash_logout</span><br><span class="line">-rw-r--r-- 1 hacker hacker 3621 Aug 10 14:17 .bashrc</span><br><span class="line">-rw-r----- 1 root   hacker   16 Jul 26  2023 .myhiddenpazz</span><br><span class="line">-rw-r--r-- 1 hacker hacker  807 Apr 23  2023 .profile</span><br><span class="line">-rw-r----- 1 root   hacker  287 Jul 26  2023 mission.txt</span><br><span class="line">-rw-r----- 1 root   hacker 2542 Jul 26  2023 readme.txt</span><br><span class="line"></span><br><span class="line"><span class="built_in">cat</span> .myhiddenpazz</span><br><span class="line">Y1----jc</span><br></pre></td></tr></table></figure>

<p>切换用户<code>su - sophia</code> 进入第二关：</p>
<h1 id="MISSION-0x02"><a href="#MISSION-0x02" class="headerlink" title="MISSION 0x02"></a>MISSION 0x02</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"></span><br><span class="line"><span class="comment">#The user angela has saved her password in a file but she does not remember where ... she only remembers that the file was called whereismypazz.txt</span></span><br><span class="line"></span><br><span class="line">find / -name <span class="string">&quot;whereismypazz.txt&quot;</span> 2&gt;/dev/null`</span><br><span class="line">/usr/share/whereismypazz.txt</span><br><span class="line"></span><br><span class="line"><span class="comment"># 找到文件后，</span></span><br><span class="line">/usr/share/whereismypazz.txt</span><br><span class="line">oh----je</span><br><span class="line"></span><br></pre></td></tr></table></figure>

<p>切换用户<code>su - angela</code> 进入第三关：</p>
<h1 id="MISSION-0x03"><a href="#MISSION-0x03" class="headerlink" title="MISSION 0x03"></a>MISSION 0x03</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># The password of the user emma is in line 4069 of the file findme.txt</span></span><br><span class="line">vim findme.txt</span><br><span class="line"><span class="comment"># 输入 :4069 回车, 找到密码 :set number 可以显示行号</span></span><br><span class="line"><span class="comment"># 或者 `sed -n 4069p findme.txt`</span></span><br><span class="line">fI----8O</span><br><span class="line">su - emma</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x04"><a href="#MISSION-0x04" class="headerlink" title="MISSION 0x04"></a>MISSION 0x04</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># User mia has left her password in the file -.</span></span><br><span class="line"><span class="built_in">cat</span> ./-</span><br><span class="line">iK----os</span><br><span class="line">su - mia</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x05"><a href="#MISSION-0x05" class="headerlink" title="MISSION 0x05"></a>MISSION 0x05</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># It seems that the user camila has left her password inside a folder called hereiam</span></span><br><span class="line"></span><br><span class="line">find / -<span class="built_in">type</span> d -name <span class="string">&quot;hereiam&quot;</span> 2&gt;/dev/null</span><br><span class="line">/opt/hereiam</span><br><span class="line"></span><br><span class="line"><span class="built_in">ls</span> -al /opt/hereiam</span><br><span class="line">-rw-r--r-- 1 root root   16 Jul 26  2023 .here</span><br><span class="line"></span><br><span class="line"><span class="built_in">cat</span> /opt/hereiam/.here</span><br><span class="line">F6----Oc</span><br><span class="line"></span><br><span class="line">su - camila</span><br><span class="line"></span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x06"><a href="#MISSION-0x06" class="headerlink" title="MISSION 0x06"></a>MISSION 0x06</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># The user luna has left her password in a file inside the muack folder.</span></span><br><span class="line">find / -<span class="built_in">type</span> d -name <span class="string">&quot;muack&quot;</span> 2&gt;/dev/null</span><br><span class="line">/pwned/camila/muack</span><br><span class="line"></span><br><span class="line"><span class="built_in">ls</span> -al /pwned/camila/muack</span><br><span class="line"><span class="comment"># 打开有很多文件夹，用find找到文件</span></span><br><span class="line">find /pwned/camila/muack -<span class="built_in">type</span> f  2&gt;/dev/null</span><br><span class="line">/pwned/camila/muack/111/111/muack</span><br><span class="line"></span><br><span class="line"><span class="built_in">cat</span> /pwned/camila/muack/111/111/muack</span><br><span class="line">j3----Mc</span><br><span class="line"></span><br><span class="line">su - luna</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x07"><a href="#MISSION-0x07" class="headerlink" title="MISSION 0x07"></a>MISSION 0x07</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># The user eleanor has left her password in a file that occupies 6969 bytes.</span></span><br><span class="line">find / -<span class="built_in">type</span> f -size 6969c 2&gt;/dev/null</span><br><span class="line">/usr/share/moon.txt</span><br><span class="line"></span><br><span class="line"><span class="built_in">cat</span> /usr/share/moon.txt</span><br><span class="line">UN----7b</span><br><span class="line">su - eleanor</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x08"><a href="#MISSION-0x08" class="headerlink" title="MISSION 0x08"></a>MISSION 0x08</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># The user victoria has left her password in a file in which the owner is the user violin.</span></span><br><span class="line">find / -<span class="built_in">type</span> f -user violin 2&gt;/dev/null</span><br><span class="line">/usr/local/games/yo</span><br><span class="line"></span><br><span class="line"><span class="built_in">cat</span> /usr/local/games/yo</span><br><span class="line">pz----Sj</span><br><span class="line">su - victoria</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x09"><a href="#MISSION-0x09" class="headerlink" title="MISSION 0x09"></a>MISSION 0x09</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># The user isla has left her password in a zip file.</span></span><br><span class="line"><span class="comment"># 本目录下有一个 passw0rd.zip</span></span><br><span class="line">unzip passw0rd.zip</span><br><span class="line"><span class="comment"># 直接解压没有写入权限,本以为可以去 /var/tmp 下搞，不过里面已经有别人留下的了  里面太乱了，可以提前看下文件解压后的内容</span></span><br><span class="line">unzip -l passw0rd.zip</span><br><span class="line"><span class="comment"># 解压到 /var/tmp</span></span><br><span class="line">unzip passw0rd.zip -d /var/tmp</span><br><span class="line"><span class="comment"># 发现没有权限创建文件夹，scp 搞下来：</span></span><br><span class="line">scp -P 5000 victoria@venus.hackmyvm.eu:/pwned/victoria/passw0rd.zip .</span><br><span class="line"><span class="comment"># 再本地解压</span></span><br><span class="line">unzip passw0rd.zip</span><br><span class="line"><span class="built_in">cat</span> pwned/victoria/passw0rd.txt</span><br><span class="line">D3----Bb</span><br><span class="line">su - isla</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x10"><a href="#MISSION-0x10" class="headerlink" title="MISSION 0x10"></a>MISSION 0x10</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># The password of the user violet is in the line that begins with a9HFX (these 5 characters are not part of her password.).</span></span><br><span class="line"><span class="comment"># 目录下有一个文件 passy，用正则找到 &#x27;a9HFX&#x27; 开头的这一行</span></span><br><span class="line">grep -n <span class="string">&#x27;^a9HFX&#x27;</span> passy</span><br><span class="line"><span class="comment"># 708:a9HFXWK----Ac</span></span><br><span class="line"></span><br><span class="line">su - violet</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x11"><a href="#MISSION-0x11" class="headerlink" title="MISSION 0x11"></a>MISSION 0x11</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># The password of the user lucy is in the line that ends with 0JuAZ (these last 5 characters are not part of her password)</span></span><br><span class="line"></span><br><span class="line">grep -n <span class="string">&#x27;0JuAZ$&#x27;</span> end</span><br><span class="line">505:OC----ud0JuAZ</span><br><span class="line"></span><br><span class="line">su - lucy</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x12"><a href="#MISSION-0x12" class="headerlink" title="MISSION 0x12"></a>MISSION 0x12</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># The password of the user elena is between the characters fu and ck</span></span><br><span class="line"><span class="comment"># 这次我们换一个方法，用vim 打开文件，然后搜索</span></span><br><span class="line">vim end</span><br><span class="line"><span class="comment"># 输入 /fu(?&#123;1-&#125;)ck 回车</span></span><br><span class="line">fu4x----9tck</span><br><span class="line"></span><br><span class="line">su - elena</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x13"><a href="#MISSION-0x13" class="headerlink" title="MISSION 0x13"></a>MISSION 0x13</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line"></span><br><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># The user alice has her password is in an environment variable.</span></span><br><span class="line"><span class="built_in">env</span></span><br><span class="line"><span class="comment"># 看到</span></span><br><span class="line">PASS=Cg----qt</span><br><span class="line"></span><br><span class="line">su - alice</span><br><span class="line"></span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x14"><a href="#MISSION-0x14" class="headerlink" title="MISSION 0x14"></a>MISSION 0x14</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># The admin has left the password of the user anna as a comment in the file passwd.</span></span><br><span class="line"><span class="built_in">cat</span> /etc/passwd</span><br><span class="line"><span class="comment"># 找到 anna 的密码在：</span></span><br><span class="line"><span class="comment"># alice:x:1014:1014:w8----ox:/pwned/alice:/bin/bash</span></span><br><span class="line">su - anna</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x15"><a href="#MISSION-0x15" class="headerlink" title="MISSION 0x15"></a>MISSION 0x15</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># Maybe sudo can help you to be natalia.</span></span><br><span class="line">sudo -l</span><br><span class="line"><span class="comment">#  (natalia) NOPASSWD: /bin/bash</span></span><br><span class="line">sudo -u natalia /bin/bash</span><br><span class="line"><span class="built_in">cd</span></span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x16"><a href="#MISSION-0x16" class="headerlink" title="MISSION 0x16"></a>MISSION 0x16</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># The password of user eva is encoded in the base64.txt file</span></span><br><span class="line"><span class="built_in">cat</span> base64.txt | <span class="built_in">base64</span> -d</span><br><span class="line">up----AO</span><br><span class="line">su - eva</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x17"><a href="#MISSION-0x17" class="headerlink" title="MISSION 0x17"></a>MISSION 0x17</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># The password of the clara user is found in a file modified on May 1, 1968.</span></span><br><span class="line">find / -<span class="built_in">type</span> f  ! -newermt <span class="string">&quot;1968-05-02 00:00:00&quot;</span> 2&gt;/dev/null</span><br><span class="line"><span class="comment"># 感觉这个方法应该可以，但是找不到文件，想起来 linux 中最早的时间是 1970-01-01，所以这个题目是故意坑你的。因为这个时间按照时间戳来算是负数，换成：</span></span><br><span class="line">find / -<span class="built_in">type</span> f  ! -newermt <span class="string">&quot;1970-01-01 00:00:00&quot;</span> 2&gt;/dev/null</span><br><span class="line"><span class="comment"># 找到文件后</span></span><br><span class="line"><span class="built_in">cat</span> /usr/lib/cmdo</span><br><span class="line">39----N9</span><br><span class="line">su - clara</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x18"><a href="#MISSION-0x18" class="headerlink" title="MISSION 0x18"></a>MISSION 0x18</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># The password of user frida is in the password-protected zip (rockyou.txt can help you)</span></span><br><span class="line"><span class="comment"># 本目录下有一个 protected.zip，机器上权限不够，scp 搞下来</span></span><br><span class="line">scp -P 5000 clara@venus.hackmyvm.eu:/pwned/clara/protected.zip .</span><br><span class="line"><span class="comment"># 拿 hash</span></span><br><span class="line">zip2john protected.zip &gt; zip.hash</span><br><span class="line"><span class="comment"># 然后用 rockyou.txt 破解</span></span><br><span class="line">john protected.hash --wordlist=/usr/share/wordlists/rockyou.txt</span><br><span class="line"><span class="comment"># 拿到密码，解压</span></span><br><span class="line">unzip protected.zip</span><br><span class="line"><span class="comment"># 下一关</span></span><br><span class="line">su - frida</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x19"><a href="#MISSION-0x19" class="headerlink" title="MISSION 0x19"></a>MISSION 0x19</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># The password of eliza is the only string that is repeated (unsorted) in repeated.txt</span></span><br><span class="line"><span class="comment"># only string 说的只有一个这样的字符串，是重复的，也就是连续重复的</span></span><br><span class="line">grep -Pzo <span class="string">&#x27;(?m)(.+\n)\1&#x27;</span> repeated.txt</span><br><span class="line"><span class="comment"># 找到密码</span></span><br><span class="line">su - eliza</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x20"><a href="#MISSION-0x20" class="headerlink" title="MISSION 0x20"></a>MISSION 0x20</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># The user iris has left me her key.</span></span><br><span class="line"><span class="built_in">cat</span> .iris_key</span><br><span class="line"><span class="comment"># 用这个 key 登陆</span></span><br><span class="line">ssh iris@127.0.0.1 -i .iris_key</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x21"><a href="#MISSION-0x21" class="headerlink" title="MISSION 0x21"></a>MISSION 0x21</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># User eloise has saved her password in a particular way.</span></span><br><span class="line"><span class="comment"># 本目录下有一个文件，eloise</span></span><br><span class="line">file eloise</span><br><span class="line"><span class="comment"># eloise: ASCII text</span></span><br><span class="line"><span class="comment"># 看起来是个 base64 编码</span></span><br><span class="line"><span class="built_in">cat</span> eloise | <span class="built_in">base64</span> -d</span><br><span class="line"><span class="comment"># 看到文件头是JFIF 是个jpg文件</span></span><br><span class="line"><span class="built_in">cat</span> eloise | <span class="built_in">base64</span> -d &gt; /var/tmp/eloise.jpg</span><br><span class="line">scp -P 5000 iris@venus.hackmyvm.eu:/var/tmp/eloise.jpg .</span><br><span class="line"><span class="comment"># 打开图片，看到密码，注意这里有个坑，多看看字母、数字、大小写</span></span><br><span class="line">su - eloise</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x22"><a href="#MISSION-0x22" class="headerlink" title="MISSION 0x22"></a>MISSION 0x22</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># User lucia has been creative in saving her password.</span></span><br><span class="line"><span class="comment"># 本目录下有一个文件，hi</span></span><br><span class="line"><span class="built_in">cat</span> hi</span><br><span class="line"><span class="comment"># 00000000: 7576 4d77 4644 5172 5157 504d 6547 500a</span></span><br><span class="line"><span class="comment"># Hexdmp 一下 ，看到密码</span></span><br><span class="line">xxd -r hi</span><br><span class="line"></span><br><span class="line">su - lucia</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x23"><a href="#MISSION-0x23" class="headerlink" title="MISSION 0x23"></a>MISSION 0x23</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># The user isabel has left her password in a file in the /etc/xdg folder but she does not remember the name, however she has dict.txt that can help her to remember.</span></span><br><span class="line"></span><br><span class="line"><span class="comment"># 本目录下有一个文件，dict.txt （里面有一个 hidden flag）</span></span><br><span class="line"></span><br><span class="line"><span class="comment"># 用dict.txt中的每一行作为参数，执行cat命令</span></span><br><span class="line">xargs -a dict.txt -I &#123;&#125; <span class="built_in">cat</span> /etc/xdg/&#123;&#125; 2</span><br><span class="line"><span class="comment"># 发现密码</span></span><br><span class="line">su - isabel</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x24"><a href="#MISSION-0x24" class="headerlink" title="MISSION 0x24"></a>MISSION 0x24</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># The password of the user freya is the only string that is not repeated in different.txt</span></span><br><span class="line"><span class="comment"># 只有一个不重复的字符串</span></span><br><span class="line"><span class="built_in">sort</span> different.txt | <span class="built_in">uniq</span> -u</span><br><span class="line"><span class="comment"># 找到密码</span></span><br><span class="line">su - freya</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x25"><a href="#MISSION-0x25" class="headerlink" title="MISSION 0x25"></a>MISSION 0x25</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># User alexa puts her password in a .txt file in /free every minute and then deletes it.</span></span><br><span class="line"><span class="comment"># /free 这个目录下有一个 txt 文件，马上回删掉</span></span><br><span class="line">watch -n 1 <span class="built_in">cat</span> /free/*.txt</span><br><span class="line"><span class="comment"># 等待一分钟，看到密码，手动停掉，如果你不够快的话，可以写个循环</span></span><br><span class="line"><span class="keyword">while</span> <span class="literal">true</span>; <span class="keyword">do</span> <span class="built_in">cat</span> /free/*.txt; <span class="built_in">sleep</span> 1;<span class="keyword">done</span>;</span><br><span class="line"><span class="comment"># 其实也不是一分钟，了解linux crontab的话，可以知道，是 0 秒的时后执行的.</span></span><br><span class="line">su - alexa</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x26"><a href="#MISSION-0x26" class="headerlink" title="MISSION 0x26"></a>MISSION 0x26</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># The password of the user ariel is online! (HTTP)</span></span><br><span class="line">curl localhost</span><br><span class="line"><span class="comment"># 找到密码</span></span><br><span class="line">su - ariel</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x27"><a href="#MISSION-0x27" class="headerlink" title="MISSION 0x27"></a>MISSION 0x27</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># Seems that ariel dont save the password for lola, but there is a temporal file.</span></span><br><span class="line"><span class="comment"># 本目录下有一个文件，.goas.swp 这种是 vim 的临时文件</span></span><br><span class="line">vim .goas</span><br><span class="line"><span class="comment"># 会提示你是否恢复，输入 r 回车 或者 vim -r .goas</span></span><br><span class="line"><span class="comment"># 可能还有一个提示，告诉你现在有几个人，那几个历史，选择一个，我 选的 1，root 用户的。</span></span><br><span class="line"><span class="comment"># 里面有一堆密码，挨个试试就行，或者 hydra 跑一下，不过按照出题一般的规律，都是中间偏下，我试了 3 个就出来了。</span></span><br><span class="line">su - lola</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x28"><a href="#MISSION-0x28" class="headerlink" title="MISSION 0x28"></a>MISSION 0x28</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># The user celeste has left a list of names of possible .html pages where to find her password.</span></span><br><span class="line"><span class="comment"># 本目录下有一个文件，pages.txt</span></span><br><span class="line"><span class="built_in">cat</span> pages.txt</span><br><span class="line"><span class="comment"># 里面是一堆文件名，配合 xargs</span></span><br><span class="line">xargs -a pages.txt -I &#123;&#125; curl localhost/&#123;&#125; 2&gt;/dev/null</span><br><span class="line"><span class="comment"># 或者 直接去/var/www/html/下找</span></span><br><span class="line">xargs -a pages.txt -I &#123;&#125; find /var/www/html/ -name <span class="string">&quot;&#123;&#125;.html&quot;</span> 2&gt;/dev/null</span><br><span class="line"><span class="comment"># 找到密码</span></span><br><span class="line">/var/www/html/cebolla.html</span><br><span class="line">curl localhost/cebolla.html</span><br><span class="line">su - celeste</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x29"><a href="#MISSION-0x29" class="headerlink" title="MISSION 0x29"></a>MISSION 0x29</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># The user celeste has access to mysql but for what?</span></span><br><span class="line">mysql -u celeste -p</span><br><span class="line">show databases;</span><br><span class="line">use venus;</span><br><span class="line">show tables;</span><br><span class="line"><span class="keyword">select</span> * from people;</span><br><span class="line"><span class="comment"># 此处有一个 hidden flag</span></span><br><span class="line"><span class="comment"># 里面有一堆用户，那下一个用户是谁呢？</span></span><br><span class="line"><span class="built_in">cat</span> /etc/passwd</span><br><span class="line"><span class="comment"># celeste的下一个用户是 nina，sql 中也有，于是</span></span><br><span class="line">su - nina</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x30"><a href="#MISSION-0x30" class="headerlink" title="MISSION 0x30"></a>MISSION 0x30</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># The user kira is hidding something in http://localhost/method.php</span></span><br><span class="line">curl localhost/method.php</span><br><span class="line"><span class="comment"># I dont like this method!</span></span><br><span class="line"><span class="comment"># 用 POST 请求</span></span><br><span class="line">curl -X POST localhost/method.php</span><br><span class="line"><span class="comment"># 还是没有，HTTP一共就没几个Method，常用的GET,POST,PUT,DELETE,HEAD,OPTIONS,TRACE,CONNECT</span></span><br><span class="line">curl -X PUT localhost/method.php</span><br><span class="line"><span class="comment"># 找到密码</span></span><br><span class="line">su - kira</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x31"><a href="#MISSION-0x31" class="headerlink" title="MISSION 0x31"></a>MISSION 0x31</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># The user veronica visits a lot http://localhost/waiting.php</span></span><br><span class="line">curl localhost/waiting.php</span><br><span class="line"><span class="comment"># Im waiting for the user-agent PARADISE</span></span><br><span class="line"><span class="comment"># 用 user-agent 请求</span></span><br><span class="line">curl -A <span class="string">&quot;PARADISE&quot;</span> localhost/waiting.php</span><br><span class="line"><span class="comment"># 找到密码</span></span><br><span class="line">su - veronica</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x32"><a href="#MISSION-0x32" class="headerlink" title="MISSION 0x32"></a>MISSION 0x32</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># The user veronica uses a lot the password from lana, so she created an alias</span></span><br><span class="line"><span class="built_in">alias</span></span><br><span class="line"><span class="comment"># 找到密码</span></span><br><span class="line">su - lana</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x33"><a href="#MISSION-0x33" class="headerlink" title="MISSION 0x33"></a>MISSION 0x33</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># The user noa loves to compress her things.</span></span><br><span class="line"><span class="comment"># 本目录下有一个文件，zip.gz</span></span><br><span class="line"><span class="comment"># 先scp</span></span><br><span class="line">scp -P 5000 lana@venus.hackmyvm.eu:/pwned/lana/zip.gz .</span><br><span class="line"><span class="comment"># 然后解压</span></span><br><span class="line">tar -zxvf zip.gz</span><br><span class="line"><span class="built_in">cat</span>  pwned/lana/zip</span><br><span class="line"><span class="comment"># 找到密码</span></span><br><span class="line">su - noa</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x34"><a href="#MISSION-0x34" class="headerlink" title="MISSION 0x34"></a>MISSION 0x34</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># The password of maia is surrounded by trash</span></span><br><span class="line"><span class="comment"># 本目录下有一个文件，trash</span></span><br><span class="line">file trash</span><br><span class="line"><span class="comment"># trash: OpenPGP Secret Key</span></span><br><span class="line"><span class="comment"># 看起来是个 gpg 文件，去折腾了一会 OpenPGP Secret Key，直接 vim，在众多乱码中找到密码，才悟到这个题目的意思。 surrounded by trash</span></span><br><span class="line"></span><br><span class="line"><span class="comment"># 后来看到大傻子的 wp，发现这个文件是个二进制文件，用 strings 命令就可以看到密码了。</span></span><br><span class="line">strings trash</span><br><span class="line">su - maia</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x35"><a href="#MISSION-0x35" class="headerlink" title="MISSION 0x35"></a>MISSION 0x35</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># The user gloria has forgotten the last 2 characters of her password ... They only remember that they were 2 lowercase letters.</span></span><br><span class="line"></span><br><span class="line"><span class="built_in">cat</span> forget</span><br><span class="line"><span class="comment"># v7xUVE2e5bjUc??</span></span><br><span class="line"></span><br><span class="line"><span class="comment"># 用 crunch 生成密码</span></span><br><span class="line">crunch 15 15 -t v7xUVE2e5bjUc@@ &gt;&gt; pass_for_gloria.txt</span><br><span class="line"><span class="comment"># 然后用 hydra 跑一下</span></span><br><span class="line">hydra -l gloria -P pass_for_gloria.txt -s 5000 venus.hackmyvm.eu ssh</span><br><span class="line"></span><br><span class="line"><span class="comment"># 找到密码</span></span><br><span class="line">su - gloria</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x36"><a href="#MISSION-0x36" class="headerlink" title="MISSION 0x36"></a>MISSION 0x36</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># User alora likes drawings, that&#x27;s why she saved her password as ...</span></span><br><span class="line">file image</span><br><span class="line"><span class="comment"># image: ASCII text</span></span><br><span class="line"><span class="comment"># 嗯？文本？</span></span><br><span class="line"><span class="built_in">cat</span> image</span><br><span class="line"><span class="comment"># 是个二维码，用手机扫一下，得到密码</span></span><br><span class="line"></span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x37"><a href="#MISSION-0x37" class="headerlink" title="MISSION 0x37"></a>MISSION 0x37</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># The user julie has created an iso with her password.</span></span><br><span class="line"><span class="comment"># 本目录下有一个文件，iso</span></span><br><span class="line">file music.iso</span><br><span class="line"><span class="comment"># music.iso: ISO 9660 CD-ROM filesystem data &#x27;CDROM&#x27;</span></span><br><span class="line"><span class="comment"># 既然有密码，那么</span></span><br><span class="line">strings music.iso</span><br><span class="line"><span class="comment"># 找到密码</span></span><br><span class="line"></span><br><span class="line">su - julie</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x38"><a href="#MISSION-0x38" class="headerlink" title="MISSION 0x38"></a>MISSION 0x38</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># The user irene believes that the beauty is in the difference.</span></span><br><span class="line"><span class="comment"># 本目录下有1.txt 2.txt</span></span><br><span class="line">diff 1.txt 2.txt</span><br><span class="line"><span class="comment"># 找到密码</span></span><br><span class="line">su - irene</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x39"><a href="#MISSION-0x39" class="headerlink" title="MISSION 0x39"></a>MISSION 0x39</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># The user adela has lent her password to irene.</span></span><br><span class="line">-rw-r----- 1 root  irene 1704 Jul 26  2023 id_rsa.pem</span><br><span class="line">-rw-r----- 1 root  irene  451 Jul 26  2023 id_rsa.pub</span><br><span class="line">-rw-r----- 1 root  irene  178 Jul 26  2023 mission.txt</span><br><span class="line">-rw-r----- 1 root  irene  256 Jul 26  2023 pass.enc</span><br><span class="line"></span><br><span class="line"><span class="comment"># 应该是解密</span></span><br><span class="line">openssl rsautl -decrypt -inkey id_rsa.pem -<span class="keyword">in</span> pass.enc</span><br><span class="line"><span class="comment"># 找到密码</span></span><br><span class="line">su - adela</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x40"><a href="#MISSION-0x40" class="headerlink" title="MISSION 0x40"></a>MISSION 0x40</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># User sky has saved her password to something that can be listened to.</span></span><br><span class="line"><span class="comment"># 本目录下有一个文件，wtf</span></span><br><span class="line"><span class="built_in">cat</span> wtf</span><br><span class="line"><span class="comment">#  .--. .- .--. .- .--. .- .-. .- -.. .. ... .</span></span><br><span class="line"><span class="comment"># 用摩斯密码解密,找到密码，注意密码小写</span></span><br><span class="line">su - sky</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x41"><a href="#MISSION-0x41" class="headerlink" title="MISSION 0x41"></a>MISSION 0x41</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># User sarah uses header in http://localhost/key.php</span></span><br><span class="line"><span class="comment"># 这里输入 history 有一个 hidden flag (有一个 .bash_history 文件)</span></span><br><span class="line">curl -H <span class="string">&quot;key&quot;</span> localhost/key.php</span><br><span class="line"><span class="comment"># Key header is true?  看来是要用 key:true</span></span><br><span class="line">curl -H <span class="string">&quot;key: true&quot;</span> localhost/key.php</span><br><span class="line"></span><br><span class="line"><span class="comment"># 找到密码</span></span><br><span class="line">su - sarah</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x42"><a href="#MISSION-0x42" class="headerlink" title="MISSION 0x42"></a>MISSION 0x42</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># The password of mercy is hidden in this directory.</span></span><br><span class="line"><span class="comment"># 本目录下有一个文件, 我找了很久才发现</span></span><br><span class="line">drwxr-x--- 2 root  sarah 4096 Jul 26  2023 .</span><br><span class="line">drwxr-xr-x 1 root  root  4096 Jul 26  2023 ..</span><br><span class="line">-rw-r----- 1 root  sarah   16 Jul 26  2023 ...</span><br><span class="line">-rw-r--r-- 1 sarah sarah  220 Apr 23  2023 .bash_logout</span><br><span class="line">-rw-r--r-- 1 sarah sarah 3526 Apr 23  2023 .bashrc</span><br><span class="line">-rw-r--r-- 1 sarah sarah  807 Apr 23  2023 .profile</span><br><span class="line">-rw-r----- 1 root  sarah   31 Jul 26  2023 flagz.txt</span><br><span class="line">-rw-r----- 1 root  sarah  175 Jul 26  2023 mission.txt</span><br><span class="line"></span><br><span class="line"><span class="built_in">cat</span> ...</span><br><span class="line"><span class="comment"># 找到密码</span></span><br><span class="line">su - mercy</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x43"><a href="#MISSION-0x43" class="headerlink" title="MISSION 0x43"></a>MISSION 0x43</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># User mercy is always wrong with the password of paula.</span></span><br><span class="line"><span class="comment"># 既然经常错，那么</span></span><br><span class="line"><span class="built_in">history</span></span><br><span class="line"><span class="comment"># 找到密码</span></span><br><span class="line">su - paula</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x44"><a href="#MISSION-0x44" class="headerlink" title="MISSION 0x44"></a>MISSION 0x44</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment">#  The user karla trusts me, she is part of my group of friends.</span></span><br><span class="line"><span class="comment"># 我的组里？ 看下：</span></span><br><span class="line"><span class="built_in">groups</span></span><br><span class="line"><span class="comment"># paula hidden</span></span><br><span class="line"><span class="comment"># 我有一个 hidden 的组，那么，看下 组hidden都有那些文件</span></span><br><span class="line">find / -group hidden 2&gt;/dev/null</span><br><span class="line"><span class="comment"># /usr/src/.karl-a</span></span><br><span class="line"><span class="built_in">cat</span> /usr/src/.karl-a</span><br><span class="line"><span class="comment"># 找到密码</span></span><br><span class="line">su - karla</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x45"><a href="#MISSION-0x45" class="headerlink" title="MISSION 0x45"></a>MISSION 0x45</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># User denise has saved her password in the image.</span></span><br><span class="line"><span class="comment"># 本目录下有一个文件，yuju.jpg</span></span><br><span class="line">file yuju.jpg</span><br><span class="line"><span class="comment"># yuju.jpg: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4], baseline, precision 8, 442x463, components 3</span></span><br><span class="line"></span><br><span class="line"><span class="comment"># 是不是在 exif 里面？</span></span><br><span class="line">exiftool yuju.jpg</span><br><span class="line"><span class="comment"># 找到密码</span></span><br><span class="line">su - denise</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x46"><a href="#MISSION-0x46" class="headerlink" title="MISSION 0x46"></a>MISSION 0x46</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># The user zora is screaming doas!</span></span><br><span class="line"><span class="comment"># 用 doas 命令</span></span><br><span class="line">doas -u zora /bin/bash</span><br><span class="line"><span class="built_in">cd</span></span><br><span class="line"></span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x47"><a href="#MISSION-0x47" class="headerlink" title="MISSION 0x47"></a>MISSION 0x47</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># The user belen has left her password in venus.hmv</span></span><br><span class="line"><span class="comment"># 没有其他提示了。直接 curl 一下？</span></span><br><span class="line">curl venus.hmv</span><br><span class="line"><span class="comment"># 找到密码</span></span><br><span class="line">su - belen</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x48"><a href="#MISSION-0x48" class="headerlink" title="MISSION 0x48"></a>MISSION 0x48</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># It seems that belen has stolen the password of the user leona...</span></span><br><span class="line"><span class="comment"># 本目录下有一个文件，stolen.txt</span></span><br><span class="line"><span class="built_in">cat</span> stolen.txt</span><br><span class="line"><span class="comment"># $1$leona$lhWp56YnWAMz6z32Bw53L0</span></span><br><span class="line"><span class="comment"># 这是个 hash，用 john 破解</span></span><br><span class="line">john stolen.txt --wordlist=/usr/share/wordlists/rockyou.txt</span><br><span class="line"><span class="comment"># 找到密码</span></span><br><span class="line">su - leona</span><br></pre></td></tr></table></figure>

<h1 id="MISSION-0x49"><a href="#MISSION-0x49" class="headerlink" title="MISSION 0x49"></a>MISSION 0x49</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># User ava plays a lot with the DNS of venus.hmv lately...</span></span><br><span class="line"><span class="comment"># dns ?</span></span><br><span class="line"><span class="built_in">cat</span>  /etc/resolv.conf</span><br><span class="line"><span class="comment"># 看到 nameserver 127.0.0.11</span></span><br><span class="line"><span class="comment"># 查看所有 dns 配置</span></span><br><span class="line"><span class="built_in">cat</span> /etc/bind/*</span><br><span class="line"><span class="comment"># 找到密码</span></span><br><span class="line">su - ava</span><br></pre></td></tr></table></figure>


<h1 id="MISSION-0x50"><a href="#MISSION-0x50" class="headerlink" title="MISSION 0x50"></a>MISSION 0x50</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># The password of maria is somewhere...</span></span><br><span class="line"><span class="comment"># 最后一关，果然没有提示了. 最后看了别人的 WP 才知道，密码竟然是那个摩斯密码。。。</span></span><br><span class="line">su - maria</span><br></pre></td></tr></table></figure>



<h1 id="MISSION-0x51"><a href="#MISSION-0x51" class="headerlink" title="MISSION 0x51"></a>MISSION 0x51</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cat</span> mission.txt</span><br><span class="line"><span class="comment"># Congrats!</span></span><br><span class="line"></span><br><span class="line"><span class="comment"># 至此 50 关全部通关</span></span><br></pre></td></tr></table></figure>



<h1 id="学到的技巧总结："><a href="#学到的技巧总结：" class="headerlink" title="学到的技巧总结："></a>学到的技巧总结：</h1><p>如果有一个文件名为 - ，可以使用 <code>cat ./-</code> 来读取文件内容。</p>
<h2 id="find-命令："><a href="#find-命令：" class="headerlink" title="find 命令："></a>find 命令：</h2><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br></pre></td><td class="code"><pre><span class="line">find / -name <span class="string">&quot;filename.txt&quot;</span></span><br><span class="line"></span><br><span class="line"><span class="comment"># 如何用 byte 的大小找到文 找到大小为 6969 字节的文件</span></span><br><span class="line">find / -<span class="built_in">type</span> f -size 6969c</span><br><span class="line"></span><br><span class="line"><span class="comment"># 去掉无权限的报错：</span></span><br><span class="line">find / -<span class="built_in">type</span> f -size 6969c 2&gt;/dev/null</span><br><span class="line"></span><br><span class="line"><span class="comment"># 用 owner/group 来 find 文件</span></span><br><span class="line">find / -<span class="built_in">type</span> f -user root 2&gt;/dev/null</span><br><span class="line">find / -<span class="built_in">type</span> f -group hidden 2&gt;/dev/null</span><br><span class="line"></span><br><span class="line"><span class="comment"># 查找在过去7天内被修改的文件</span></span><br><span class="line">find /path/to/search -mtime -7</span><br><span class="line"></span><br><span class="line"><span class="comment">## grep 命令：</span></span><br><span class="line"></span><br><span class="line">```bash</span><br><span class="line"><span class="comment"># 在 /etc 目录下查找包含 &quot;password&quot; 的文件</span></span><br><span class="line">grep -r <span class="string">&quot;password&quot;</span> /etc</span><br><span class="line"></span><br><span class="line"><span class="comment"># 找到连续两个一样的</span></span><br><span class="line">grep -Pzo <span class="string">&#x27;(?m)(.+\n)\1&#x27;</span> repeated.txt</span><br></pre></td></tr></table></figure>

<h1 id="xargs-命令："><a href="#xargs-命令：" class="headerlink" title="xargs 命令："></a>xargs 命令：</h1><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># 用dict.txt中的每一行作为参数，执行cat命令</span></span><br><span class="line">xargs -a dict.txt -I &#123;&#125; <span class="built_in">cat</span> /etc/xdg/&#123;&#125;/</span><br><span class="line"></span><br><span class="line"></span><br><span class="line"><span class="comment">#-a dict.txt: 指定文件 dict.txt 作为 xargs 的输入。</span></span><br><span class="line"><span class="comment">#-I &#123;&#125;: 指定占位符 &#123;&#125; 用于替换参数。</span></span><br><span class="line"><span class="comment">#cat /etc/xdg/&#123;&#125;: 拼接 /etc/xdg/ 和从 dict.txt 中读取的每个文件名，并将其作为参数传递给 cat 命令。</span></span><br><span class="line"></span><br></pre></td></tr></table></figure>

<h2 id="awk-命令："><a href="#awk-命令：" class="headerlink" title="awk 命令："></a>awk 命令：</h2><figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># 找到重复的行</span></span><br><span class="line"><span class="built_in">sort</span> different.txt | <span class="built_in">uniq</span> -u | awk <span class="string">&#x27;NR==1&#123;print&#125;&#x27;</span></span><br></pre></td></tr></table></figure>

    </div>

    
    
    

      <footer class="post-footer">
          <div class="post-tags">
              <a href="/tags/%E5%AE%89%E5%85%A8-%E9%9D%B6%E5%9C%BA/" rel="tag"># 安全 靶场</a>
          </div>

        


        
    <div class="post-nav">
      <div class="post-nav-item">
    <a href="/2024/02/04/hmv-%E5%A4%8D%E7%9B%98HackMyVM-challenges-docker-059/" rel="prev" title="复盘HackMyVM challenges docker 059">
      <i class="fa fa-chevron-left"></i> 复盘HackMyVM challenges docker 059
    </a></div>
      <div class="post-nav-item">
    <a href="/2024/02/08/hmv-HMVLabs-Chapter-2-Hades/" rel="next" title="HMVLabs Chapter 2: Hades">
      HMVLabs Chapter 2: Hades <i class="fa fa-chevron-right"></i>
    </a></div>
    </div>
      </footer>
    
  </article>
  
  
  



          </div>
          

<script>
  window.addEventListener('tabs:register', () => {
    let { activeClass } = CONFIG.comments;
    if (CONFIG.comments.storage) {
      activeClass = localStorage.getItem('comments_active') || activeClass;
    }
    if (activeClass) {
      let activeTab = document.querySelector(`a[href="#comment-${activeClass}"]`);
      if (activeTab) {
        activeTab.click();
      }
    }
  });
  if (CONFIG.comments.storage) {
    window.addEventListener('tabs:click', event => {
      if (!event.target.matches('.tabs-comment .tab-content .tab-pane')) return;
      let commentClass = event.target.classList[1];
      localStorage.setItem('comments_active', commentClass);
    });
  }
</script>

        </div>
          
  
  <div class="toggle sidebar-toggle">
    <span class="toggle-line toggle-line-first"></span>
    <span class="toggle-line toggle-line-middle"></span>
    <span class="toggle-line toggle-line-last"></span>
  </div>

  <aside class="sidebar">
    <div class="sidebar-inner">

      <ul class="sidebar-nav motion-element">
        <li class="sidebar-nav-toc">
          文章目录
        </li>
        <li class="sidebar-nav-overview">
          站点概览
        </li>
      </ul>

      <!--noindex-->
      <div class="post-toc-wrap sidebar-panel">
          <div class="post-toc motion-element"><ol class="nav"><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x01"><span class="nav-number">1.</span> <span class="nav-text">MISSION 0x01</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x02"><span class="nav-number">2.</span> <span class="nav-text">MISSION 0x02</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x03"><span class="nav-number">3.</span> <span class="nav-text">MISSION 0x03</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x04"><span class="nav-number">4.</span> <span class="nav-text">MISSION 0x04</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x05"><span class="nav-number">5.</span> <span class="nav-text">MISSION 0x05</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x06"><span class="nav-number">6.</span> <span class="nav-text">MISSION 0x06</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x07"><span class="nav-number">7.</span> <span class="nav-text">MISSION 0x07</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x08"><span class="nav-number">8.</span> <span class="nav-text">MISSION 0x08</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x09"><span class="nav-number">9.</span> <span class="nav-text">MISSION 0x09</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x10"><span class="nav-number">10.</span> <span class="nav-text">MISSION 0x10</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x11"><span class="nav-number">11.</span> <span class="nav-text">MISSION 0x11</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x12"><span class="nav-number">12.</span> <span class="nav-text">MISSION 0x12</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x13"><span class="nav-number">13.</span> <span class="nav-text">MISSION 0x13</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x14"><span class="nav-number">14.</span> <span class="nav-text">MISSION 0x14</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x15"><span class="nav-number">15.</span> <span class="nav-text">MISSION 0x15</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x16"><span class="nav-number">16.</span> <span class="nav-text">MISSION 0x16</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x17"><span class="nav-number">17.</span> <span class="nav-text">MISSION 0x17</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x18"><span class="nav-number">18.</span> <span class="nav-text">MISSION 0x18</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x19"><span class="nav-number">19.</span> <span class="nav-text">MISSION 0x19</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x20"><span class="nav-number">20.</span> <span class="nav-text">MISSION 0x20</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x21"><span class="nav-number">21.</span> <span class="nav-text">MISSION 0x21</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x22"><span class="nav-number">22.</span> <span class="nav-text">MISSION 0x22</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x23"><span class="nav-number">23.</span> <span class="nav-text">MISSION 0x23</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x24"><span class="nav-number">24.</span> <span class="nav-text">MISSION 0x24</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x25"><span class="nav-number">25.</span> <span class="nav-text">MISSION 0x25</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x26"><span class="nav-number">26.</span> <span class="nav-text">MISSION 0x26</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x27"><span class="nav-number">27.</span> <span class="nav-text">MISSION 0x27</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x28"><span class="nav-number">28.</span> <span class="nav-text">MISSION 0x28</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x29"><span class="nav-number">29.</span> <span class="nav-text">MISSION 0x29</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x30"><span class="nav-number">30.</span> <span class="nav-text">MISSION 0x30</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x31"><span class="nav-number">31.</span> <span class="nav-text">MISSION 0x31</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x32"><span class="nav-number">32.</span> <span class="nav-text">MISSION 0x32</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x33"><span class="nav-number">33.</span> <span class="nav-text">MISSION 0x33</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x34"><span class="nav-number">34.</span> <span class="nav-text">MISSION 0x34</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x35"><span class="nav-number">35.</span> <span class="nav-text">MISSION 0x35</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x36"><span class="nav-number">36.</span> <span class="nav-text">MISSION 0x36</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x37"><span class="nav-number">37.</span> <span class="nav-text">MISSION 0x37</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x38"><span class="nav-number">38.</span> <span class="nav-text">MISSION 0x38</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x39"><span class="nav-number">39.</span> <span class="nav-text">MISSION 0x39</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x40"><span class="nav-number">40.</span> <span class="nav-text">MISSION 0x40</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x41"><span class="nav-number">41.</span> <span class="nav-text">MISSION 0x41</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x42"><span class="nav-number">42.</span> <span class="nav-text">MISSION 0x42</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x43"><span class="nav-number">43.</span> <span class="nav-text">MISSION 0x43</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x44"><span class="nav-number">44.</span> <span class="nav-text">MISSION 0x44</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x45"><span class="nav-number">45.</span> <span class="nav-text">MISSION 0x45</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x46"><span class="nav-number">46.</span> <span class="nav-text">MISSION 0x46</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x47"><span class="nav-number">47.</span> <span class="nav-text">MISSION 0x47</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x48"><span class="nav-number">48.</span> <span class="nav-text">MISSION 0x48</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x49"><span class="nav-number">49.</span> <span class="nav-text">MISSION 0x49</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x50"><span class="nav-number">50.</span> <span class="nav-text">MISSION 0x50</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#MISSION-0x51"><span class="nav-number">51.</span> <span class="nav-text">MISSION 0x51</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#%E5%AD%A6%E5%88%B0%E7%9A%84%E6%8A%80%E5%B7%A7%E6%80%BB%E7%BB%93%EF%BC%9A"><span class="nav-number">52.</span> <span class="nav-text">学到的技巧总结：</span></a><ol class="nav-child"><li class="nav-item nav-level-2"><a class="nav-link" href="#find-%E5%91%BD%E4%BB%A4%EF%BC%9A"><span class="nav-number">52.1.</span> <span class="nav-text">find 命令：</span></a></li></ol></li><li class="nav-item nav-level-1"><a class="nav-link" href="#xargs-%E5%91%BD%E4%BB%A4%EF%BC%9A"><span class="nav-number">53.</span> <span class="nav-text">xargs 命令：</span></a><ol class="nav-child"><li class="nav-item nav-level-2"><a class="nav-link" href="#awk-%E5%91%BD%E4%BB%A4%EF%BC%9A"><span class="nav-number">53.1.</span> <span class="nav-text">awk 命令：</span></a></li></ol></li></ol></div>
      </div>
      <!--/noindex-->

      <div class="site-overview-wrap sidebar-panel">
        <div class="site-author motion-element" itemprop="author" itemscope itemtype="http://schema.org/Person">
    <img class="site-author-image" itemprop="image" alt="Todd"
      src="https://mp-b6a394ba-6e60-4cdf-941a-67c55476595e.cdn.bspapp.com/cloudstorage/43eb35ef-1aed-4d61-9ebb-a777fa49e70a.">
  <p class="site-author-name" itemprop="name">Todd</p>
  <div class="site-description" itemprop="description">把生命浪费在美好的实物上</div>
</div>
<div class="site-state-wrap motion-element">
  <nav class="site-state">
      <div class="site-state-item site-state-posts">
          <a href="/archives/">
        
          <span class="site-state-item-count">34</span>
          <span class="site-state-item-name">日志</span>
        </a>
      </div>
      <div class="site-state-item site-state-categories">
            <a href="/categories/">
          
        <span class="site-state-item-count">2</span>
        <span class="site-state-item-name">分类</span></a>
      </div>
      <div class="site-state-item site-state-tags">
            <a href="/tags/">
          
        <span class="site-state-item-count">7</span>
        <span class="site-state-item-name">标签</span></a>
      </div>
  </nav>
</div>
  <div class="links-of-author motion-element">
      <span class="links-of-author-item">
        <a href="https://github.com/ghostlitao" title="GitHub → https:&#x2F;&#x2F;github.com&#x2F;ghostlitao" rel="noopener" target="_blank"><i class="fab fa-github fa-fw"></i>GitHub</a>
      </span>
  </div>



      </div>

    </div>
  </aside>
  <div id="sidebar-dimmer"></div>


      </div>
    </main>

    <footer class="footer">
      <div class="footer-inner">
        

        

<div class="copyright">
  
  &copy; 2019 – 
  <span itemprop="copyrightYear">2024</span>
  <span class="with-love">
    <i class="fa fa-heart"></i>
  </span>
  <span class="author" itemprop="copyrightHolder">Todd</span>
</div>
  <div class="powered-by">由 <a href="https://hexo.io/" class="theme-link" rel="noopener" target="_blank">Hexo</a> & <a href="https://theme-next.org/" class="theme-link" rel="noopener" target="_blank">NexT.Gemini</a> 强力驱动
  </div>

        








      </div>
    </footer>
  </div>

  
  <script src="/lib/anime.min.js"></script>
  <script src="/lib/velocity/velocity.min.js"></script>
  <script src="/lib/velocity/velocity.ui.min.js"></script>

<script src="/js/utils.js"></script>

<script src="/js/motion.js"></script>


<script src="/js/schemes/pisces.js"></script>


<script src="/js/next-boot.js"></script>




  















  

  

</body>
</html>
